@debian.org mail

classic Classic list List threaded Threaded
33 messages Options
12
Reply | Threaded
Open this post in threaded view
|

@debian.org mail

Jean-Philippe MENGUAL-3
Hi,

Forwarding mail from @debian.org to my mailbox makes me apply complicated filters to stay subscribed to ML I wish. Do you confirm me it is really not wanted to pull mails from a Debian machine via POP? I really would love to separat ma Debian box fromothers.

Tell me if I should ask to another place.


Thanks for your help.



--
Jean-Philippe MENGUAL

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Andrey Rahmatullin-3
On Tue, May 28, 2019 at 11:19:37PM +0200, Jean-Philippe MENGUAL wrote:
> Forwarding mail from @debian.org to my mailbox makes me apply
> complicated filters to stay subscribed to ML I wish.
Why?

--
WBR, wRAR

signature.asc (911 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Tollef Fog Heen
In reply to this post by Jean-Philippe MENGUAL-3
]] Jean-Philippe MENGUAL

> Forwarding mail from @debian.org to my mailbox makes me apply
> complicated filters to stay subscribed to ML I wish.

In that case, I suggest you don't subscribe with your debian.org email
address.

> Do you confirm me it is really not wanted to pull mails from a Debian
> machine via POP? I really would love to separat ma Debian box
> fromothers.

We (debian/DSA) do not provide email hosting. We provide email
forwarding.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Daniel Lange-2
> We (debian/DSA) do not provide email hosting. We provide email
> forwarding.

DSA should re-evaluate that.

We run into more and more problems sending from @debian.org email
addresses as the three big players in email ratchet up their anti-spam
measures.

They are hosting a huge share of our users' email and the same for
prospective contributors:
<https://daniel-lange.com/archives/150-Google-GMail-continues-to-own-the-email-market,-Microsoft-is-catching-up.html>

The default reply for missing wafer confirmation emails (the software
running debconf19.debconf.org) and missing salsa password reset emails
is "check your Spam folder". Debian.org doesn't have a SPF record so
mail submitted from such Debian machines is a bit in a limbo.

We have more people registered for DebConf ("the Debian Developers'
conference") with @gmail.com than @debian.org addresses.

Mail submitted from DD's private IPs frequently gets flagged as spam
regardless of content by all three big players and - if submitted via
IPv6 - refused directly by Google. Microsoft and Yahoo still run their
MXs IPv4 only. But we can expect a similar policy once they add IPv6
SMTPs at scale. And they won't warn us up-front.
The missing SPF record mentioned above means there is a lot of spam
circulating with @debian.org fake senders and obviously our open
submission policy on many mailing-lists and @debian.org technical
addresses also fan out quite some spam. So we're not the best netizens
we could be.

To do better, we should really offer SMTP submission/IMAP services for
@debian.org as soon as possible and - after a grace period - publish a
mx -all SPF record.

Google has added mailly and muffat to their internal
has-no-proper-SPF-policy-whitelist (thank you!). This will obviously
increase the problems for people not sending via Debian machines down
the road.
Which is why a few people - including me - now route outbound via these
Debian MX machines. That's a work-around for the technically inclined
but won't really scale.

People have tried mending the gap by offering accounts on their personal
infrastructure to fellow developers (and thanks for that Tollef and others).

We like people to use their @debian.org or @debconf.org email address
when reaching out to sponsors and suppliers as this adds (perceived)
credibility and (true) visibility. So we should make it easy for people
to use those email addresses.

Just maintaining the status-quo of email-forwarding only seems past its
useful life time.

Kind regards,
Daniel

P.S.: I have offered helping to run email services to DSA in the past.
I don't only complain. But DSA has the issue of them having to run
committed infrastructure in the end. So if - for example - the Salsa
team were not wanting to run salsa.debian.org anymore, DSA would end up
having to add this to their work load. This is why DSA need to
prioritize email regardless of who will set it up and run it initially.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Jonathan Carter (highvoltage)-2
On 2019/06/03 10:40, Daniel Lange wrote:

> Mail submitted from DD's private IPs frequently gets flagged as spam
> regardless of content by all three big players and - if submitted via
> IPv6 - refused directly by Google. Microsoft and Yahoo still run their
> MXs IPv4 only. But we can expect a similar policy once they add IPv6
> SMTPs at scale. And they won't warn us up-front.
> The missing SPF record mentioned above means there is a lot of spam
> circulating with @debian.org fake senders and obviously our open
> submission policy on many mailing-lists and @debian.org technical
> addresses also fan out quite some spam. So we're not the best netizens
> we could be.
>
> To do better, we should really offer SMTP submission/IMAP services for
> @debian.org as soon as possible and - after a grace period - publish a
> mx -all SPF record.

I think you make a good case for offering SMTP, and that's very
beneficial to a lot of people. IMAP is a whole nother case in terms of
the kind of sustained work it requires and I'm unconvinced that it would
be at all worth it.

I have little sympathy for people who say "but I use gmail", there's
literally a 1000 better mail services on the Internet that they could
use without having to set up their own, and the good reasons not to use
google services keep rapidly piling up.

-Jonathan

--
  ⢀⣴⠾⠻⢶⣦⠀  Jonathan Carter (highvoltage) <jcc>
  ⣾⠁⢠⠒⠀⣿⡁  Debian Developer - https://wiki.debian.org/highvoltage
  ⢿⡄⠘⠷⠚⠋   https://debian.org | https://jonathancarter.org
  ⠈⠳⣄⠀⠀⠀⠀  Be Bold. Be brave. Debian has got your back.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Marco d'Itri
In reply to this post by Daniel Lange-2
On Jun 03, Daniel Lange <[hidden email]> wrote:

> The default reply for missing wafer confirmation emails (the software
> running debconf19.debconf.org) and missing salsa password reset emails is
> "check your Spam folder". Debian.org doesn't have a SPF record so mail
> submitted from such Debian machines is a bit in a limbo.
The current reality of email is that you cannot expect passable
deliverability for messages which do not have one of SPF or DKIM
aligned.

A first obvious step is to setup SPF records for services like salsa
and lists which send all mail from their own domain from the same
servers.

A second obvious step is to start DKIM-signing all email emitted by
Debian servers.

A third not so obvious step is to create a way for developers to publish
personal TXT or CNAMEs records below _domainkey.debian.org: this would
allow everybody to keep sending aligned messages from their own servers.
Maybe the infrastructure currently used for debian.net domains could be
easily adapted to do this as well.

> @debian.org as soon as possible and - after a grace period - publish a mx
> -all SPF record.
-all SPF records are not really useful unless you are a target of
phishing and break forwarding, so I strongly recommend against this.

--
ciao,
Marco

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Sam Hartman-3
In reply to this post by Daniel Lange-2
>>>>> "Daniel" == Daniel Lange <[hidden email]> writes:

    Daniel> To do better, we should really offer SMTP submission/IMAP services for
    Daniel> @debian.org as soon as possible and - after a grace period - publish a
    Daniel> mx -all SPF record.

Actually publishing the SPF record seems fairly problematic.

1) You're asking all DDs to use this infrastructure you set up.

2) I'm not really sure I want the debian machines to get a copy of all
mail I send from my debian.org address.
Transport level encryption is a lot easier to use for recipients than
PGP or S/MIME.
So I do care about the transport of my mail messages.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Daniel Lange-2
Hi Sam,

Am 03.06.19 um 13:29 schrieb Sam Hartman:
> 1) You're asking all DDs to use this infrastructure you set up.

Currently everybody routes inbound mail via two Debian servers (as they
are the only MXs for debian.org).

Everybody who needs to make sure they can reach @gmail.com / GApps users
/ Microsoft hosted Exchange etc. need to send via these, too, cf. my
initial email.

People vote with their feet. We're not really overrun by new
contributors. We shouldn't afford the arrogance of "it is your problem
if my email doesn't reach your inbox". Esp. if we can do better.

That said, I don't care when DDs use their private domains for Debian
stuff. I'd be all for continuing them to do so.

For things like fundraising officially looking email addresses are
important. That's why I care to keep these functional. More DDs funded
to travel to DebConf is a more happy me. I'm also sure many @debian.org
-> random upstream messages are never received. Because random upstream
is a Google / Microsoft / Yahoo user or runs an email server with a
strict anti-spam policy. We just had that case with the cfp@ email of
our Hamburg Mini-DebConf rejecting @debian.org email because of "forged
recipients" and bad IP reputation scores. QQ (Tencent) refused emails
from Salsa. This is the biggest email hoster in China. I'd like more
Chinese to be able to participate in Debian. I have many such examples.

Hence I'd like us to offer email services to project members. That's an
offer. Not a requirement. If DDs use the Debian infra or continue using
their current setup, all fine for me.
Yes, a proper SPF record may make things more difficult for people that
run their own. But I - for example - run my own and route via Debian MX
(just the Debian mail of course). So it can be done. I just wish not
every DD had to, if they wouldn't want to. And possibly end up using
GMail and make Jonathan and many Free as in Freedom advocates unhappy.

> 2) I'm not really sure I want the debian machines to get a copy of all
> mail I send from my debian.org address.

In case anybody replies to your email, these machines get the gist of
your communication anyways. And you send via AWS (Amazon). I personally
trust DSA more.

To me emails are postcards. Everybody along the transport chain may
enjoy the pictures. Of course I can sign or encrypt if I want the
pictures to stay genuine or the back side text private.

There is currently a trend in the FLOSS ecosystem to try migrating off
irc, email and email lists towards Discourse, Gitlab, Mattermost and
other web based tools. I'm not a fan of that at all (siloing). But one
of the reasons is lowering the technical entry barrier to participation.
We should give at least the project members everything they need as
readily available as possible. And email is really basic.

Kind regards,
Daniel

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Sam Hartman-3
>>>>> "Daniel" == Daniel Lange <[hidden email]> writes:

    Daniel> Hence I'd like us to offer email services to project members. That's
    Daniel> an offer. Not a requirement. If DDs use the Debian infra or continue
    Daniel> using their current setup, all fine for me.

We're agreed so far.

    Daniel> Yes, a proper SPF record may make things more difficult for people
    Daniel> that run their own. But I - for example - run my own and route via
    Daniel> Debian MX (just the Debian mail of course). So it can be
    Daniel> done.

I explained why I find routing the mail problematic.
But more than that, you don't need the SPF record.
Debian could  pay to get on one of the white lists, we could use some services
like Amazon SES, we could possibly get a good enough dkim reputation
that we don't need to do any of the above.

My point is that from experience, the SPF record will totally cripple
people wanting to use their own infrastructure even worse than we see
today.

I absolutely agree with the idea of improving Debian's email reputation.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Ian Jackson-2
Sam Hartman writes ("Re: @debian.org mail"):
> But more than that, you don't need the SPF record.  Debian could pay
> to get on one of the white lists, we could use some services like
> Amazon SES, we could possibly get a good enough dkim reputation that
> we don't need to do any of the above.

Debian should certainly not pay to get on some white list.  Nor should
we use some service whose primary purpose is gatekeeping.

> My point is that from experience, the SPF record will totally cripple
> people wanting to use their own infrastructure even worse than we see
> today.
>
> I absolutely agree with the idea of improving Debian's email reputation.

There are two things that are "wrong" with Debian's email reputation:

1. Some proprietary mail scanning systems used by corporates do not
experience enough mail from Debian's own servers, and therefore reckon
that some DSA-run email servers are not proper mail hosts.
[hidden email] cannot email my work email address, and neither can I
from my own colo.

2. We have not published mail restriction DNS RRs.  Some people seem
to think that this is a bad thing.

3. Some big services have other shitty heuristics which misclassify
mail from @debian.org users.

We cannot fix (2) without breaking the use case you talk about.  We
cannot fix (1) because it is corporate stupidity.

We may be able to improve (3) but we should be careful not to do so in
a way that is not available to operators of other legitimate private
mail domains.

Debian is in a better position than most to resist the hegemony of an
oligopoly of unaccountable email providers.  We should use our
political power, such as it is.

Ian.

--
Ian Jackson <[hidden email]>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Xavier Guimard-3
In reply to this post by Sam Hartman-3
Le 03/06/2019 à 17:21, Sam Hartman a écrit :

>>>>>> "Daniel" == Daniel Lange <[hidden email]> writes:
>
>     Daniel> Hence I'd like us to offer email services to project members. That's
>     Daniel> an offer. Not a requirement. If DDs use the Debian infra or continue
>     Daniel> using their current setup, all fine for me.
>
> We're agreed so far.
>
>     Daniel> Yes, a proper SPF record may make things more difficult for people
>     Daniel> that run their own. But I - for example - run my own and route via
>     Daniel> Debian MX (just the Debian mail of course). So it can be
>     Daniel> done.
>
> I explained why I find routing the mail problematic.
> But more than that, you don't need the SPF record.
> Debian could  pay to get on one of the white lists, we could use some services
> like Amazon SES, we could possibly get a good enough dkim reputation
> that we don't need to do any of the above.
>
> My point is that from experience, the SPF record will totally cripple
> people wanting to use their own infrastructure even worse than we see
> today.

We can use "~all" or "?all" in SPF record, so it would increase Debian's
email reputation when using Debian SMTP services but would authorize to
use some other service. I remember that there is something like that in
DKIM.

> I absolutely agree with the idea of improving Debian's email reputation.

+1

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Russ Allbery-2
In reply to this post by Sam Hartman-3
Sam Hartman <[hidden email]> writes:
>>>>>> "Daniel" == Daniel Lange <[hidden email]> writes:

>     Daniel> To do better, we should really offer SMTP submission/IMAP
>     Daniel> services for @debian.org as soon as possible and - after a
>     Daniel> grace period - publish a mx -all SPF record.

> Actually publishing the SPF record seems fairly problematic.

A possibly useful compromise is to do what Marco suggested: publish SPF
records for domains like lists.debian.org, where all the mail is coming
from Debian infrastructure.  That can easily be -all.  And then at least
we have the option of moving some of the most important official mail
messages (password reset links and so forth) to a subdomain with -all SPF
records, without affecting the flow of @debian.org mail.

(The same all applies to DKIM, of course, and DKIM is probably more
generally useful these days.  SPF is slowly dying in favor of DKIM most
places.)

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Sam Hartman-3
In reply to this post by Ian Jackson-2

In this thread I'm speaking as an individual.
Other than approving DSA expendatures related to email, the DPL does not
set Debian's email policy.

>>>>> "Ian" == Ian Jackson <[hidden email]> writes:

    Ian> Sam Hartman writes ("Re: @debian.org mail"):
    >> But more than that, you don't need the SPF record.  Debian could pay
    >> to get on one of the white lists, we could use some services like
    >> Amazon SES, we could possibly get a good enough dkim reputation that
    >> we don't need to do any of the above.

    Ian> Debian should certainly not pay to get on some white list.  Nor should
    Ian> we use some service whose primary purpose is gatekeeping.

    >> My point is that from experience, the SPF record will totally cripple
    >> people wanting to use their own infrastructure even worse than we see
    >> today.
    >>
    >> I absolutely agree with the idea of improving Debian's email reputation.

I'd much rather pay money and allow members who do want to use their own
infrastructure to do so rather than set up an SPF record and force
everyone to go through the debian mxes.
I'd prefer to find a way to do none of the above and still get
reasonable email reputation with the large providers.

I think this is a case where serving our users and being practical is
more important than a moralistic stand.  If Ian's right that we could
somehow use our political power to make a difference, I'd be open to
considering that.
However, I'll point out that our priorities are our users and free
software.
Preserving the end-to-end principle, preserving the net, etc, are goals
that to a greater or lesser extent many of us may personally agree
with.  However, they are not Debian's goals.
When we allow related goals to get in the way of our priorities, we
damage those priorities.

--Sam

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Marco d'Itri
In reply to this post by Ian Jackson-2
On Jun 03, Sam Hartman <[hidden email]> wrote:

> But more than that, you don't need the SPF record.
(Here comes a short lesson on email authentication...)
The most useful way to think about SPF and DKIM is that they allow to
move reputation considerations for a message from the sender IP address
to the sender domain (DKIM) or envelope sender domain (SPF).
This way receivers can safely assign a positive or negative reputation
to mail from specific domains instead of using the same reputation for
all mail emitted by a specific IP.
This is what happens when SPF and/or DKIM are aligned, i.e. they
successfully validate the (envelope) sender of the message.
This is why it is not very useful to have SPF records with ~all (which
may mean "deliver to the spam folder") or -all (which may mean
"reject"): the purpose of email authentication is managing positive
reputation.
Since we are not a financial institution we do not have major troubles
with forged @debian.org emails, so there is no need for ~all or -all SPF
records: we can use ?all which basically means "revert to IP-based
reputation if SPF is not aligned".
Also: SPF with hard failure (-all) breaks forwarding unless SRS is used,
and most of the existing tools which implement SRS suck, so this is not
a given.

> Debian could  pay to get on one of the white lists, we could use some services
> like Amazon SES, we could possibly get a good enough dkim reputation
> that we don't need to do any of the above.
There are no useful whitelists (which would require domain-based
reputation anyway) to solve this problem and a third party mail relay
would not improve deliverability without domain-based reputation
attached to debian.org.

On Jun 03, Ian Jackson <[hidden email]> wrote:

> 2. We have not published mail restriction DNS RRs.  Some people seem
> to think that this is a bad thing.
No. Many large receivers want to use domain-based reputation, and since
in the email world receivers are always right it is a bad thing (for us,
who are the ones having deliverability problems) that we are not
providing a way to do so.
As I explained, we can usefully deploy SPF and DKIM without adding any
new restriction for unaligned messages.

> 3. Some big services have other shitty heuristics which misclassify
> mail from @debian.org users.
Probably because they have no way of attaching a reputation to the
debian.org domain, given the lack of SPF and DKIM.

> Debian is in a better position than most to resist the hegemony of an
> oligopoly of unaccountable email providers.  We should use our
> political power, such as it is.
This would be nice if we had any political power which could be used,
but it is quite obvious that the debate about email authentication was
settled long ago in favour of domain-based reputation.
(And Google whitelisting some of our own servers is exactly the wrong
thing to aim for since it does not solve the problem in a general way.)

--
ciao,
Marco

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Jonathan Dowland
In reply to this post by Daniel Lange-2
On Mon, Jun 03, 2019 at 10:40:26AM +0200, Daniel Lange wrote:
>>We (debian/DSA) do not provide email hosting. We provide email
>>forwarding.
>
>DSA should re-evaluate that.

I'm not sure I would want the existing DSA resource, spread as thin as it is,
allocated to running a mail hosting service. At least there are other things
I would prioritise above mail hosting.

OTOH, I run my own email systems end-of-end, as I'm sure many DDs do; and
I continue to do so partly out of inertia, I appreciate it's unrealistic
to expect all DDs, and newer/younger members, to do the same.

It may be worth, as a project, considering whether we would like something
different to what we have now, and I guess that's exactly what this thread is.
Best conducted at a project (requirements) level rather DSA (solutions) level.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Marco d'Itri
In reply to this post by Russ Allbery-2
On Jun 03, Russ Allbery <[hidden email]> wrote:

> A possibly useful compromise is to do what Marco suggested: publish SPF
> records for domains like lists.debian.org, where all the mail is coming
> from Debian infrastructure.  That can easily be -all.  And then at least
> we have the option of moving some of the most important official mail
> messages (password reset links and so forth) to a subdomain with -all SPF
> records, without affecting the flow of @debian.org mail.
I have never suggested using -all because we are discussing improving
deliverability issues and -all cannot do this.
-all would stop some forged emails, but we do not have forged email
issues.

--
ciao,
Marco

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Russ Allbery-2
Marco d'Itri <[hidden email]> writes:
> On Jun 03, Russ Allbery <[hidden email]> wrote:

>> A possibly useful compromise is to do what Marco suggested: publish SPF
>> records for domains like lists.debian.org, where all the mail is coming
>> from Debian infrastructure.  That can easily be -all.  And then at
>> least we have the option of moving some of the most important official
>> mail messages (password reset links and so forth) to a subdomain with
>> -all SPF records, without affecting the flow of @debian.org mail.

> I have never suggested using -all because we are discussing improving
> deliverability issues and -all cannot do this.  -all would stop some
> forged emails, but we do not have forged email issues.

Right, sorry, I should have been clearer that DKIM should be the top
priority rather than worrying about SPF, since that will do the most to
directly improve our sender reputation.  The point that you raised was
using subdomains, which I think is by far the easiest way to proceed.
debian.org itself is a complicated problem, but we can do a lot for, say,
lists.debian.org or bugs.debian.org by adding DKIM signing without
tackling that problem.

That said, it has been my anecdotal experience that adding restrictive
DMARC or SPF policies does help with sender reputation somewhat, but I
haven't tested this in any scientific way and it may be that I was
confusing correlation with causation.

--
Russ Allbery ([hidden email])               <http://www.eyrie.org/~eagle/>

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Daniele Nicolodi
In reply to this post by Sam Hartman-3
On 03/06/2019 09:37, Sam Hartman wrote:
> I'd much rather pay money and allow members who do want to use their own
> infrastructure to do so rather than set up an SPF record and force
> everyone to go through the debian mxes.

Pay money for which service exactly? I am not aware of any widely
deployed whitelist that filters on source address, which I think would
be the only solution that would allow members to use their own
infrastructure.

Cheers,
Dan

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Sam Hartman-3
>>>>> "Daniele" == Daniele Nicolodi <[hidden email]> writes:

    Daniele> On 03/06/2019 09:37, Sam Hartman wrote:
    >> I'd much rather pay money and allow members who do want to use their own
    >> infrastructure to do so rather than set up an SPF record and force
    >> everyone to go through the debian mxes.

    Daniele> Pay money for which service exactly? I am not aware of any widely
    Daniele> deployed whitelist that filters on source address, which I think would
    Daniele> be the only solution that would allow members to use their own
    Daniele> infrastructure.

We could pay money to get better deliverability for mail that does go
through Debian machines.
I  don't want to break or help people running their own infrastructure.

Reply | Threaded
Open this post in threaded view
|

Re: @debian.org mail

Sebastian Andrzej Siewior
In reply to this post by Sam Hartman-3
On 2019-06-03 11:37:39 [-0400], Sam Hartman wrote:
> I'd much rather pay money and allow members who do want to use their own
> infrastructure to do so rather than set up an SPF record and force
> everyone to go through the debian mxes.

With my kernel.org address I get mail forwarding and a SMTP server for
sending emails ->
   https://korg.wiki.kernel.org/userdoc/mail

A SMTP server for mail deliver used by DDs would be money much better
spent than paying random companies to get @debian.org on their
whitelist. After all, a random person can post using [hidden email]
and his dial-up or $2 VM and getting through the whitelists.

I don't get the point why the debian machines would get a copy of email
email sent. It ends up in the spool folder and gets deleted once
delivered. Also I don't see the point why using a specific machine mail
delivery is problem.

> I'd prefer to find a way to do none of the above and still get
> reasonable email reputation with the large providers.

Nope. I don't mind that email is forwaded only but SMTP should be part
of the email setup.

> I think this is a case where serving our users and being practical is
> more important than a moralistic stand.  If Ian's right that we could
> somehow use our political power to make a difference, I'd be open to
> considering that.

I don't understand what you want do with the "political power".

> --Sam

Sebastian

12